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REMARKS 

Claims 1-28 are currently pending in the subject application, and are presently under 
consideration. Claims 1-28 stand rejected. Claims 18-22 and 26 have been amended herein. 
Favorable reconsideration of the application is requested in view of the amendments and 
comments herein. 

I. Rejection of Claims 1, 18, 23-25 Under 35 U.S.C. §102(e) 

Claims 1,18, 23-25 stand rejected under 35 U.S.C. § 102(e) as being anticipated by U.S. 
6,134,328 to Cordery, et al. ("Cordery"). Withdrawal of this rejection is respectfully requested 
for at least the following reasons. 

Applicant respectfully traverses the characterization of Cordery, as a careful reading of 
Cordery demonstrates that there is no teaching or suggestion a method, or system as recited in the 
rejected claims. In FIG. 2, for instance, Cordery discloses a personal computer connected to a 
certificate meter subsystem and a remote facility. The certificate meter subsystem manages 
secured certificates issued through a certificate authority, wherein the certificate authority is a 
trusted third party, such as a post office. (Col. 3, lines 43-46, and Col. 4 lines 2-3). The 
certificate meter subsystem stores the user's private key, certificate piece count, and certificate 
ascending/descending register. (Col. 4, lines 60-64). Cordery discloses the personal computer 
being connected to a communications port with a secure postage and certificate metering 
subsystem, such as a secure vault system or a secure smart card system. (Col. 4, lines 60-68 and 
Col. 5, lines 8-10). Cordery further teaches that the personal computer includes a modem 
connected to a remote facility communicating via hardwire or radio frequency. (Col. 4, line 68 
and Col. 5 lines 6-8). The remote facility may be the destination of a postmark and certificate 
generated by the certificate meter subsystem. (Col. 6, lines 40-46). 

In rejecting claim 1, the Office Action specifically relies on FIG. 6 of Cordery for its 
showing of a flow chart of a process for revoking a certificate. (Col. 3, lines 30-32). A careful 
reading of Cordery, including the description of FIG. 6, demonstrates the misplaced reliance on 
Cordery. Specifically, the Office Action relies on step 604 of FIG. 6, which performs verifying a 
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request signature, as disclosing creation of an authenticated secure channel with a registration 
web server. Contrary to the contention in the Office Action, Cordery only teaches that a request 
to revoke is verified by the certificate authority to determine whether the request is accepted or 
rejected. If the request passes, then at step 608 the certificate authority issues a signed message 
to the postage and certificate meter to revoke the certificate. Cordery fails to teach any creation 
of a secure channel with a registration web server or any other use of such a server. Instead, the 
only communications disclosed occur between a PC and a postage meter over a direct link or 
between the PC and a remote facility via a modem. Thus, as mentioned above with respect to 
FIG. 2, the infrastructure suggests that the communications implemented in FIG. 6 would occur 
over direct connections. Cordery thus provides no teaching (or even a suggestion) that any 
communication, including a request to a certificate authority is provided as a request to a 
registration web server over the authenticated secure channel, as recited in claim 1. 

Since Cordery fails to disclose use of a registration web server, Cordery similarly fails to 
teach any requesting of the registration web server to revoke a user signature certificate, as 
recited in claim 1 . The Office Action also relies on 608 of FIG. 6 for issuing a singed message 
to postage and certificate meter to revoke the certificate. However, the signed message being 
issued in connection with step 608 of Cordery does not disclose that the signed message be sent 
to a registration web server, but instead Cordery teaches that the signed message is sent to a 
postage meter subsystem 218 (Col. 8, lines 16-19). Nothing in Cordery teaches or even suggests 
that the postage meter is a web server. Applicant submits that this contention in the Office 
Action is further flawed in view of the prior proposition in the Office Action asserting that the 
certificate authority (which verified the request signature at 604) corresponds to a web server. Is 
the Office Action asserting that both the postage meter and the certificate authority are "web 
servers?" If so, Applicant respectfully requests confirmation of this assertion as well as an 
indication of specific citations in Cordery that would support this position. 

Moreover, Cordery fails to teach that a registration web server notifies a directory of 
revocation and that a user entry in the directory is set, as recited in claim 1. The Office Action 
further relies on steps 620, 622 and 624 of FIG. 6 of Cordery as teaching such claimed features. 
In particular, the Office Action asserts that steps 620 and 624 of FIG. 6 of Cordery correspond to 
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the notifying of claim 1 . However, claim 1 recites that a directory is notified by the registration 
web server. As mentioned above, Cordery does not teach use of a registration web server. 
Instead, steps 622 and 624 of Cordery are in fact performed by the postage and certificate meter - 
not a registration web server, as recited in claim 1 . 

Cordery discloses a signed confirmation of revocation and payment is issued and entered 
into a certificate authority database (Col. 8 lines 34-36). Applicant submits that this merely 
corresponds to logging information, namely, revocation time and reason for the revocation (Col. 
8 lines 27-29) and not setting a state of a user entry to a state without a signature certificate, as 
recited in claim 1. That is, nothing in Cordery teaches use of a directory that includes a user 
entry that has state information indicative of the state of a user signature certificate. 

Claim 1 8 has been amended to recite creating an authenticated channel between a server. 
Cordery does not disclose structure to perform recited instructions in claim 18. Claim 18 is 
patentable for substantially the same reasons as claim 1, and its allowance is respectfully 
requested. 

Claim 23 recites a system that is generally similar to claim 1 . Accordingly, claim 23 (as 
well as claims 24-25 depending therefrom) is patentable for substantially the same reasons as 
claim 1 . 

For the reasons stated above, claims 1, 18 and 23-25 are patentable over Cordery. 
Accordingly, reconsideration and allowance of claims 1,18 and 23-25 are respectfully requested. 

II. Rejection of Claims 2-4, 7, 21 and 26 Under 35 U.S.C. §103(a) 

Claims 2-4, 21 and 26 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over 
U.S. 6,134,328 to Cordery, et al. ("Cordery") in view of U.S. 5,774,552 to Grimmer 
("Grimmer"). Withdrawal of this rejection is respectfully requested for at least the following 
reasons. 
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Claim 2 depends from claim 1, and is allowable over Cordery for substantially the same 
reasons as claim 1. Additionally, as admitted in the Office Action, Cordery does not teach 
generating a directory password for the user during the creation of the user signature certificate. 

In contrast to the contention in the Office Action, the addition of Grimmer does not cure 
the deficiencies of Cordery. Grimmer teaches a method and apparatus for retrieving X.509 
certificates from an X.500 directory service agent. (Col. 1, lines 9-10). Grimmer also teaches a 
UserPassword attribute that is defined to hold user password information in the X.500 directory, 
where a user can query a directory to verify that a password it received from a different user 
matched the one held in the X.500 directory. Grimmer teaches that a UserPassword attribute is 
defined in the X.500 standard, but is silent on when the UserPassword attribute is created. 
Accordingly, Grimmer does not teach or suggest generating a directory password for the user 
during the creation of the user signature certificate. 

Additionally, nothing in Cordery would suggest creating a directory password for a user 
during creation of the user signature certificate. The conclusion of obviousness based on the 
combination of Cordery and Grimmer thus appears to be based on improper hindsight in which 
the present application provides the missing motivation to modify the combination of Cordery 
and Grimmer in the manner suggested in the Office Action, as Cordery fails to teach or suggest 
the use of a password. Assuming arguendo that the combination of Cordery and Grimmer does 
teach creating both a password and a digital certificate, the purported combination still fails to 
teach that the password is created during the creation of the user signature certificate. 

Claims 3, 21, and 26 depend from claims 2, 18, and 23 respectively, and are allowable 
over Cordery for substantially the same reasons as claim 2, 18, and 23. Claim 26 has been 
amended to correct a typographical error by deleting the first occurrence of "one." Claims 4 and 
7 depend from claim 3, and are allowable for substantially the same reasons as claim 3. 

For the reasons stated above, claims 2-4, 7, 21, and 26 are patentable over Cordery in 
view of Grimmer. Accordingly, reconsideration and allowance of claims 2-4, 7, 21, and 26 are 
respectfully requested. 
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HI. Rejection of Claim 5 Under 35 U.S.C §103(a) 

Claim 5 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over U.S. 
6,134,328 to Cordery, et al. ("Cordery") in view of U.S. 5,774,552 to Grimmer ("Grimmer") in 
further view of U.S. Pub. No. 2002/0007454 to Tarpenning, et al. ("Tarpenning"). Withdrawal 
of this rejection is respectfully requested for at least the following reasons. 

Claim 5 depends from claim 3, and is allowable over Cordery for substantially the same 
reasons as claim 3, which depends from claims 1 and 2. Additionally, as mentioned above with 
respect to claim 1, Cordery fails to teach or suggest a registration web server to revoke a 
signature certificate as recited in claim 1. As admitted in the Office Action, Cordery and 
Grimmer do not teach or suggest sending the user one of a password and a personal identification 
number (PIN) by the registration web server after the setting of the user entry as recited in claim 
5. 

In contrast to the contention in the Office Action, the addition of Tarpenning does not 
cure the deficiencies of Cordery in view of Grimmer. Tarpenning teaches a delivery system for 
managing security keys using three key pairs to establish, register, move, and revoke rights in a 
device to view protected information. (See Abstract of Tarpenning). In rejecting claim 5, the 
Office Action specifically relies on FIG. 5 for its showing of a flow chart of a process for 
moving a certificate from one device to another. (Tarpenning, par. [0021]). The Office Action 
equates step 1025 of FIG. 5 as teaching sending the user one of a password and a PIN because of 
step 1025's teaching of sending confirmation of a revocation request to the authentication server. 
The "confirmation" taught in Tarpenning is only a notification that revocation has occurred. 
Tarpenning does not teach or suggest that one of a password and a PIN is sent to the user as part 
of the confirmation sent with the revocation request. Tarpenning assumes that the devices from 
which the certificate is being moved are both connected to the server simultaneously, so that the 
certificate can be revoked from one device and issued to the other device in a short period of 
time. (Tarpenning, par. [0042]). This revocation taught by Tarpenning thus occurs without 
sending the user any PIN or password after setting a user entry, as recited in claim 5. 
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For the reasons stated above, claim 5 is patentable over Cordery in view of Grimmer in 
further view of Tarpenning. Accordingly, reconsideration and allowance of claim 5 is 
respectfully requested. 

IV. Rejection of Claim 6 Under 35 U.S.C. §103(a) 

Claim 6 stands rejected under 35 U.S.C. §103(a) as being unpatentable over U.S. 
6,134,328 to Cordery, et al. ("Cordery") in view of U.S. 5,774,552 to Grimmer ("Grimmer") in 
view of U.S. Pub. No. 2002/0007454 to Tarpenning, et al. ("Tarpenning") in further view of U.S. 
5,982,898 to Hsu, et al ("Hsu"). Withdrawal of this rejection is respectfully requested for at least 
the following reasons. 

Claim 6 depends from claim 5, and is allowable over Cordery for substantially the same 
reasons as claim 5. Additionally, as mentioned above with respect to claim 5, Cordery and 
Grimmer fail to teach or suggest sending a user one of a password and a personal identification 
number (PIN) by a registration web server after setting a user entry. Moreover, as admitted in 
the Office Action, Cordery, Grimmer, and Tarpenning do not teach or suggest requesting a 
signature certificate by the user using a directory password and one of the password and the PIN. 

In contrast to the contention of the Office Action, the addition of a fourth reference, 
namely Hsu, does not cure the deficiencies of Cordery in view of Grimmer in further view of 
Tarpenning. Hsu teaches the use of certifications used in connection with secure and authorized 
communications. (Col. 1, lines 4-5). Hsu also teaches when a user needs a certificate, the user 
contacts the certification authority (CA), and identifies him/herself with a password, and submits 
to the CA some other information, such as a purpose as to why the user wishes to apply the 
certificate. (Col. 4 lines 56-60). Hsu teaches only a single mechanism to identify the requestor. 
Hsu does not teach or suggest requesting a new signature certificate by the user using a directory 
password and one of a password and a PIN, as recited in claim 6. 

Accordingly, reconsideration and allowance of claim 6 is respectfully requested. 
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V. Rejection of Claims 8 and 27 Under 35 U.S.C. §103(a) 



Claims 8 and 27 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over U.S. 
6,134,328 to Cordery, et al. ("Cordery") in view of U.S. Pub. No. 2001/0011255 to Asay, et al. 
("Asay"). Claims 8 and 27 depend from claims 1 and 23 respectively and are allowable for 
substantially the same reasons as claims 1 and 23. 

VI. Rejection of Claims 9-11 and 28 Under 35 U.S.C. §103(a) 

Claims 9-11 and 28 stand rejected under 35 U.S.C. §103(a) as being unpatentable over 
U.S. 6,134,328 to Cordery, et al. ("Cordery") in view of U.S. Pub. No. 2001/0011255 to Asay, et 
al. ("Asay") in further view of U.S. 6,715,073 to An, et al. ("An, et al."). Withdrawal of this 
rejection is respectfully requested for at least the following reasons. 

Claim 9 depends from claim 8 and is allowable for substantially the same reasons as 
claim 8. As admitted in the office action, the combination of Cordery and Asay does not teach or 
suggest that creating and requesting are initiated by a personal registration authority. 

In contrast to the contention of the Office Action, the addition of An, et al. does not cure 
the deficiencies of Cordery in view of Asay. An, et al. teaches a registration system in which 
information about personal vaults is stored in an X.500 directory. (Col. 3, lines 45-46) An, et al. 
also teaches a registration authority running as a software application in the controller processes 
requests to issue and revoke digital certificates issued by a Certification authority. (Col. 4 lines 
40-44). The "registration authority" referred to in An, et al. is software in contrast to the 
personal registration authority recited in claim 9 which corresponds to a person. (See, e.g. Page 
13 lines 20-22). Accordingly, taken individually or in combination, Cordery, Asay, and An, et al. 
do not teach or suggest claim 9. 

Claim 10 depends from claim 9 and is allowable for substantially the same reasons as 
claim 9. Claims 11 and 28 depend from claims 10 and 27, respectively and is allowable for 
substantially the same reasons as claims 10 and 27. 
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In contrast to the contention of the Office Action, the addition of An, et al. does not cure 
the deficiencies of Cordery in view of Asay with respect to claims 1 1 and 28. An, et al. teaches a 
web server-vault controller interacting with client browsers and registration authority browsers 
for purposes of linking them through a communications supervisor to their respective vaults and 
processes for registrations and certification processes. (Col. 5, lines 7-13). The Office Action 
specifically relies on FIG. 4 reference number 32 for teaching a request supervisor, a 
communication supervisor and a service supervisor. The "supervisors" relied on in the Office 
Action refer to software applications that interact with a server. (Col. 8 lines 17-24). The 
supervisor recited in claims 1 1 and 28 is a person. Since, taken individually or in combination, 
Cordery, Asay, and An et al. do not teach or suggest that the personal registration authority is a 
supervisor of a user, and their reconsideration and allowance of claims are respectfully 
requested. 

VIL Rejection of Claims 12-13 Under 35 U.S.C. §103(a) 

Claims 12 and 13 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over 
U.S. 6,134,328 to Cordery, et al. ("Cordery") in view of U.S. Pub. No. 2001/0011255 to Asay, et 
al ("Asay") in view of U.S. 6,715,073 to An, et al. ("An, et al") in further view of U.S. 
6,367,012 to Atkinson et al. ("Atkinson"). Claim 12 depends from claim 10 and is allowable for 
substantially the same reasons as claim 10. Claim 13 depends from claim 12 and is allowable for 
substantially the same reasons as claim 12. Since claim 12 and 13 depend from allowable claim 
10, reconsideration and allowance of claims 12 and 13 are respectfully requested. 

VIII. Rejection of Claim 14 Under 35 U.S.C. §103(a) 

Claim 14 stands rejected under 35 U.S.C. §103(a) as being unpatentable over U.S. 
6,134,328 to Cordery, et al. ("Cordery") in view of U.S. Pub. No. 2001/0011255 to Asay, et al. 
("Asay") in view of U.S. 6,715,073 to An, et al. ("An, et al.") in view of U.S. 6,367,012 to 
Atkinson et al. ("Atkinson") in further view of U.S. 5,774,552 to Grimmer ("Grimmer). 
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Claim 14 depends from claim 13 and is allowable for substantially the same reasons as 
claim 12. As admitted in the Office Action, the combination of Cordery, Asay, An et al. and 
Atkinson does not teach or suggest generating a directory password for the user during the 
creation of the user certificate. Claim 14 recites generating a directory password, which was also 
recited in claim 2, and is therefore allowable for substantially the same reasons as claim 2. 
Further, the combination of six references to establish a case of obviousness appears to be based 
on improper hindsight in which claim 14 is impermissibly being used as a blueprint to piece 
together elements in the prior art. Reconsideration and allowance of claim 14 is respectfully 
requested. 

IX. Rejection of Claim 15 Under 35 U.S.C. §103(a) 

Claim 15 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over U.S. 
6,134,328 to Cordery, et al. ("Cordery") in view of U.S. Pub. No. 2001/001 1255 to Asay, et al. 
("Asay") in view of U.S. 6,715,073 to An, et al. ("An, et al.") in view of U.S. 6,367,012 to 
Atkinson et al. ("Atkinson") in view of U.S. 5,774,552 to Grimmer ("Grimmer) in further view 
of U.S. Pub. No. 2002/0007454 to Tarpenning, et al. ("Tarpenning"). 

Claim 15 depends from claim 14 and is allowable for substantially the same reasons as 
claim 14. Claim 15 recites sending a user one of a password and a personal identification 
number (PIN) by the registration web server after the setting of the user entry which is also 
recited in claim 5, and is therefore allowable for substantially the same reasons as claim 5. 
Further, the combination of seven references to establish a case of obviousness appears to be 
based on improper hindsight in which claim 15 (like claim 14) is impermissibly being used as a 
blueprint to piece together elements in the prior art. Reconsideration and allowance of claim 15 
is respectfully requested. 

X. Rejection of Claim 16 Under 35 U.S.C. §103(a) 

Claim 16 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over U.S. 
6,134,328 to Cordery, et al. ("Cordery") in view of U.S. Pub. No. 2001/001 1255 to Asay, et al. 
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("Asay") in view of U.S. 6,715,073 to An, et al. ("An, et al.") in view of U.S. 6,367,012 to 
Atkinson et al. ("Atkinson") in view of U.S. 5,774,552 to Grimmer ("Grimmer) in view of U.S. 
Pub. No. 2002/0007454 to Tarpenning, et al. ("Tarpenning") in further view of U.S. 5,982,898 to 
Hsu, et at. ("Hsu"). 

Claim 16 depends from claim 15 and is allowable for substantially the same reasons as 
claim 15. Claim 16 recites requesting a new signature certificate by a user using a directory 
password and one of a password and a personal identification number (PIN) which was also 
recited in claim 6, and is therefore also allowable for substantially the same reasons as claim 6. 
Accordingly, reconsideration and allowance of claim 16 is respectfully requested. 

XI. Rejection of Claim 17 Under 35 U.S.C. §103(a) 

Claim 17 stands rejected under 35 U.S.C. §103(a) as being unpatentable over U.S. 
6,134,328 to Cordery, et al. ("Cordery") in view of U.S. 6,715,073 to An, et al. ("An, et al"). 
Claim 17 depends from claim 1 and is patentable over Cordery in view of An, et al. for 
substantially the same reasons as claim 1 . 

XII. Rejection of Claims 19 and 20 Under 35 U.S.C. §103(a) 

Claims 19 and 20 stand rejected under 35 U.S.C. §103(a) as being unpatentable over U.S. 
6,134,328 to Cordery, et al. ("Cordery") in view of U.S. 6,367,012 to Atkinson et al. 
("Atkinson"). Claims 19 and 20 which depend from claim 18, are patentable over Cordery in 
view of Atkinson for substantially the same reasons as claim 18. 

XIII. Rejection of Claim 22 Under 35 U.S.C. §103(a) 

Claim 22 stands rejected under 35 U.S.C. §103(a) as being unpatentable over U.S. 
6,134,328 to Cordery, et al. ("Cordery") in view of U.S. 6,715,073 to An, et al. ("An, et al"). 
Claim 22 is generally similar to claim 9 and is patentable for substantially the same reasons as 
claim 9. As mentioned above with respect to claim 9, An, et al. teaches that the registration 
authority is software, while in claim 22, the personal registration authority is a person. 
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XIV. CONCLUSION 

In view of the foregoing remarks, Applicant respectfully submits that the present 
application is in condition for allowance. Applicant respectfully requests reconsideration of this 
application and that the application be passed to issue. 

If the Examiner has any questions or if the Applicant or its representative can be of any 
assistance in connection with prosecution of this application, the Examiner is invited and 
encouraged to contact the undersigned at the number identified below. 

Please charge any deficiency or credit any overpayment in the fees for this amendment to 
our Deposit Account No. 20-0090. 




Respectfully submitted, 



GaryPitzer 
Registration No. 39,334 



Customer No.: 26,294 



TAROLLI, SUNDHEIM, COVELL, & TUMMINO L.L.P. 

526 Superior Avenue, Suite 1111 



Cleveland, Ohio 44 1 1 4- 1 400 
Phone: (216)621-2234 
Fax: (216)621-4072 
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